Re: Technical committee resolution

On Sat, 29 Mar 2008, Joey Hess wrote:
> Well, just to pick an example, if the TC had chosen you to deal with
> the wordpress-in-stable issue, and you had personally decided it
> needed to be in stable, and had done whatever work was initially
> needed to get it into stable with security support, you'd still be
> responsible for its security now, and the several security holes it
> has now would be a problem that you'd be aware of, and at least be
> worrying about if nothing else.

The package in question, as problematic as it is, has an active
maintainer who claimed that he would do exactly this. According to the
list of open bugs that I can see, the security issues that are
currently affecting the stable version are supposedly minor. [If
they're not, someone who knows more about the CVEs in question than I
do should file more bugs and/or adjust severities appropriately.]

Don Armstrong

[A] theory is falsifiable [(and therefore scientific) only] if the
class of its potential falsifiers is not empty.
 -- Sir Karl Popper _The Logic of Scientific Discovery_ §21

http://www.donarmstrong.com              http://rzlab.ucr.edu
